Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
3 posts ← reset filters

Playwright's request context goes far beyond replacing Postman — it's a programmable, scalable tool for API security testing, auth token replay, schema validation, and multi-step attack simulation. Here's how a pentester uses it.

How to mock outgoing server-side HTTP requests in Playwright end-to-end tests using mockttp as a per-worker forward proxy, giving you deterministic control over third-party API calls without touching your application code.
CloakBrowser claims to be a stealth Chromium that passes every bot detection test. I installed it, ran it against reCAPTCHA v3, Cloudflare Turnstile, and FingerprintJS to see if the hype is real.